STS-23: Secure service gateway
(
)
Protects APIs against common attacks, and evaluations (coarse-grained) authorization policies
ID
STS-23
Latest Sync Date
03/04/26 07:05:04
Status
Proposed
Overview
2. API inbound security pattern [Control Realization]
2. API inbound security pattern [Control Realization]
2. API orchestration security pattern [Control Realization]
2. API orchestration security pattern [Control Realization]
2. API orchestration security pattern [Control Realization]
STS-23: Secure service gateway
AC-4: Information Flow Enforcement
STS-23: Secure service gateway
SI-3: Malicious Code Protection
STS-23: Secure service gateway
AC-3: Access Enforcement
STS-23: Secure service gateway
CM-7: Least Functionality
STS-23: Secure service gateway
API endpoint
STS-23: Secure service gateway
STS-03: Identity provider service
STS-23: Secure service gateway
STS-23: Secure service gateway
STS-23: Secure service gateway
Secure service gateway security requirements
STS-23: Secure service gateway
API endpoint A1
STS-23: Secure service gateway
API endpoint B1
STS-23: Secure service gateway
API endpoint
STS-23: Secure service gateway
SI-10: Information Input Validation
STS-23: Secure service gateway
STS-17: Web application firewall service
NORA-2: DMZ (Demilitarized Zone)
STS-23: Secure service gateway
STS-13: Security information and event management service
STS-23: Secure service gateway
API client
STS-23: Secure service gateway
STS-23: Secure service gateway
STS-23: Secure service gateway
Domain A
STS-23: Secure service gateway
Domain B
STS-23: Secure service gateway
API endpoint A2
STS-23: Secure service gateway
API client
STS-23: Secure service gateway
API endpoint
STS-23: Secure service gateway
STS-17: Web application firewall service
STS-23: Secure service gateway
STS-17: Web application firewall service
STS-23: Secure service gateway